WordPress is one of the most popular website content management platforms in use today. However, due to its popularity, it makes WordPress websites subject to repeated attacks from malware, hackers, and other security breaches. Senior living websites built on a WordPress platform cannot be left “as is” once developed; they will require continuous software updates and maintenance to help prevent or minimize security exposure.
At Markentum, our Infinity Website Maintenance plan includes performing software and security updates to help keep your website secure. While no site is completely safe, we believe the following recommendations can help minimize your exposure to prevent WordPress attacks.
WordPress Login Attacks
Never Use “admin” as a Username
One of the most critical components of your website’s security is the user login credentials. The username “admin” is often set as a default for many websites and applications. Even WordPress initially used “admin” as their default admin username. Hackers quickly picked up on this, so WordPress now requires you to create a custom username. However, older websites may still have admin usernames in place.
For an attacker to gain login access, they must guess both the username and password (usually an impossible task). Since your username makes up half of your login credentials, using “admin” as your username removes half of the guesswork for attackers. All they need to do is guess the password, and they will have full control over your entire site. Software used by hackers will try hundreds of different passwords in a short time, which is called a brute force attack, and that can greatly increase the number of attackers that can gain access to a website with an admin username.
When looking through website logs, it is not uncommon to see failed login attempts with the username “admin,” which is why we never use or advise our partners to use “admin” or any other easily guessable username on their WordPress site.
Limit Login Attempts
Limiting the number of login attempts a user has can significantly decrease your chances of falling victim to brute force attacks. Having unlimited login attempts allows hackers to try and crack users' login credentials by continually trying different username and password combinations.
Use Secure Passwords
We know it is much simpler to use a short and easy-to-remember password, but this can pose a significant security risk to your site. The truth is, there are plenty of attackers out there that want to gain access to your website and your information. Whether you feel they have anything to gain or not, many are just bots scanning the web for weak websites to infiltrate, hold ransom, or inject with advertisements for questionable products you would not want shown on your website.
To keep your website safe, you will want to use strong and secure passwords, at all times, for every single user. Creating a strong password that is also easy to remember can be difficult. Below are some tips and things to consider when creating a password.
- Don’t use personal information: Using your name or the name of a family member along with birthdates, usernames, or email addresses will make it much easier for hackers to guess your password. This type of information is typically publicly available.
- Don’t use the same password for multiple accounts: If your password is ever discovered, all of your other accounts will be compromised.
- Use a minimum of 12 characters: You should try to keep your passwords to a minimum of 12 characters; however, longer passwords are even more secure.
- Include capital letters, numbers, and symbols: Including different types of characters will make your passwords much harder to crack.
- Use a password generator: If you are having trouble creating a secure password, you can use a password generator. Random passwords are often the most secure.
Two Factor Authentication
Adding two-factor authentication (2FA) to your login page is a great security measure and immensely decreases the chances of someone’s login credentials being cracked. Two-factor authentication requires users to log in by using a two-step method. Usually, these methods are entering your password then receiving a confidential code sent to your phone or email.
Keep WordPress Updated
WordPress releases incremental updates that fix bugs, security vulnerabilities, improves performance, and adds new web development features. The most important updates are bug and security fixes. Security is a top priority, and WordPress releases these updates to counteract any exploits or vulnerabilities that would otherwise put your site at risk of being hacked. The improvements and new features are always great to have, too.
On average, there could be several updates within a month, and these should be tested prior to installing, with a full database backup created before installation. Markentum recommends that this task is performed by a web development professional to ensure a smooth implementation.
Keep Themes/Plugins Updated
Themes and plugins are crucial for any WordPress website. However, if kept out of date, they can cause severe security vulnerabilities that can open up your website to all types of attacks. Hackers lie in wait to exploit these weaknesses in your outdated themes and plugins. Keeping your website plugins up to date is essential for maintaining your website’s security.
It is also important to avoid any plugins that have either been abandoned or do not release updates periodically, because they will create the same vulnerabilities. One of the most notorious website hacks, that resulted in the leaking of the Panama Papers, was the result of an outdated WordPress plugin that then allowed hackers to gain server access and find sensitive data files.
Frequent or Automated File Backups
Creating regular backups of your website is the best way to prevent or minimize the potential damage caused if your website security is compromised. Backups can save you from any catastrophic situation, whether it be a server crash, natural disaster, or even a hacker attack. Avoiding data and information loss allows you to get a website back up and running in a quick and orderly fashion.
At Markentum, we create daily backups for all our partners' senior living websites and store them on a different server. Data redundancy, which means having multiple copies of your files in different places, reduces your risk and exposure. If you are looking to create backups of your website, you will want to consult a web development professional to ensure that the files are being downloaded and stored correctly. Even a momentary lapse in your internet connection can corrupt a file. Keep in mind; additional software plans may be required for you to automate your file backups completely.
Like any business investment, proper maintenance is required to keep things running smoothly. The Markentum team hopes this article helps you understand the importance of cutting-edge website security, ongoing maintenance, and offers you guidance as to how you can keep your website more secure with the help of our professional web development services.
If you’re interested in learning more about Markentum or scheduling a free marketing evaluation, contact us to start growing your digital marketing efforts for your senior living community!